The mobile industry has experienced a period of exceptional growth during the last several years, with mobile voice and simple SMS text messaging providing some of the primary drivers for that growth. As the next generation of mobile networks evolves, services will be offered in which rich content as well as voice is transported across a combination of mobile and Internet environments, using an integrated IP network layer.
An ALL-IP network enables seamless network integration of different access options, e.g., broadband, mobile Internet, fixed Internet, and existing mobile systems, into a single IP layer. As such, all communication services may be carried over a single network infrastructure, thus enabling the integration of voice, data, and multimedia services. Carriers on the ALL-IP networks will glean a number of important benefits as well, including cost savings, scalability, flexibility, efficient network operations, and new revenue opportunities.
The ALL-IP communication system is to be fully compliant with the Third Generation Partnership Project (3GPP) release 5 and 6 standards, with open interfaces and IP Version 6 (IPv6) support. Accordingly, Session Initiation Protocol (SIP) is introduced as a key ingredient in providing support for multimedia services across the Web and Internet domain for IP enabled terminals. For a consumer, for example, this means integrated voice, video, and browsing experience in a single call. With SIP, numerous applications can be implemented which combine traditional telephony with messaging and multimedia. In particular, SIP applications and services may be combined in order to complement and supplement each other in order to provide a more fulfilling and reduced workload experience for the consumer. As applications and services become integrated, they each become readily available to supplement each other's shortcomings. Additionally, however, authentication and authorization of users that access those applications and services becomes increasingly challenging.
Authenticating the identity and authorization of users with a high degree of certainty in open environments has been one of the most significant functional problems encountered when developing services accessible over the Internet. Many different schemes for establishing the desired result have been devised, with varying degrees of certainty, security and user friendliness. Every good identity authentication and authorization mechanism should possess at least the following properties, for example: correctness; preservation of anonymity; speed; resistance to attack; low expense; user friendliness; and universality. In order to preserve anonymity, the user authentication and authorization mechanisms should not have direct access to the security credentials of each user. They should, rather, be implemented via Subscriber Identity Module (SIM) or Application Protocol Data Unit (APDU) servers that have direct communications with the associated operating systems.
Within IMS, however, varying signaling protocols exist for authenticating the user, where each protocol may implement its own algorithm, such as the Advanced Encryption Standard (AES) or Digest. The signaling protocols that require authentication when accessing the network include Session Initiation Protocol (SIP), HyperText Transfer Protocol (HTTP), IP via Wireless Local Area Network (WLAN), Extensible Authentication Protocol (EAP), etc. Currently, these IMS protocols implement their own security solutions, where access to the security credentials is facilitated through the use of separate systems such as the Public Key Infrastructure (PKI).
As the ALL-IP communication system develops, a consolidated authentication system is desired, which is able to adapt to the specific bearer mechanism being used. Additionally, the consolidated authentication system should be able to perform multiple algorithms and create the appropriate messages that encapsulate the results of those algorithms, depending upon the bearer protocol that requested the authentication. Thus, the consolidated authentication system should have access to the SIM information and other algorithm data within the same platform in order to perform the right calculation. The different applications installed on the platform should register the security algorithms, protocols and credentials that are required for performing each authentication procedure. Once registered, the security information may be accessed by the requesting party from the platform. Such an access would then result in execution of the correct algorithm and delivery of the correct result, encapsulated in the correct envelope as required by the requesting entity.
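The register-then-dispatch flow described above can be sketched as follows. This is an added example, not code from the original document: `AuthPlatform` and its method names are hypothetical, and HTTP Digest (RFC 2617, qop=auth) and EAP MD5-Challenge (RFC 3748) are chosen as two of the named bearer protocols because they need different algorithms and different envelopes. The sample credential is the constructed one from the RFC 2617 example.

```python
import hashlib, struct

def _h(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def http_digest(cred, ch):
    """RFC 2617 Digest, qop=auth: MD5(HA1:nonce:nc:cnonce:auth:HA2) as hex."""
    ha1 = _h(f"{cred['user']}:{ch['realm']}:{cred['secret']}")
    ha2 = _h(f"{ch['method']}:{ch['uri']}")
    return _h(f"{ha1}:{ch['nonce']}:{ch['nc']}:{ch['cnonce']}:auth:{ha2}")

def http_envelope(user, ch, resp):
    """Text envelope: an HTTP Authorization header line."""
    return (f'Authorization: Digest username="{user}", realm="{ch["realm"]}", '
            f'nonce="{ch["nonce"]}", uri="{ch["uri"]}", qop=auth, nc={ch["nc"]}, '
            f'cnonce="{ch["cnonce"]}", response="{resp}"')

def eap_md5(cred, ch):
    """EAP MD5-Challenge (type 4): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ch["id"]]) + cred["secret"].encode() + ch["challenge"]).digest()

def eap_envelope(user, ch, resp):
    """Binary envelope: EAP-Response packet (Code=2, Identifier, Length, Type, Value)."""
    body = bytes([4, len(resp)]) + resp           # Type=4, Value-Size, Value
    return struct.pack("!BBH", 2, ch["id"], 4 + len(body)) + body

class AuthPlatform:
    """Hypothetical consolidated authenticator; secrets never leave this object."""
    def __init__(self):
        self._creds, self._bearers = {}, {}

    def register_credential(self, cred_id, user, secret):
        self._creds[cred_id] = {"user": user, "secret": secret}

    def register_bearer(self, protocol, cred_id, algorithm, envelope):
        if cred_id not in self._creds:
            raise LookupError(f"unknown credential {cred_id!r}")
        self._bearers[protocol] = (cred_id, algorithm, envelope)

    def authenticate(self, protocol, challenge):
        if protocol not in self._bearers:         # fail closed: no default algorithm
            raise LookupError(f"no authentication registered for {protocol!r}")
        cred_id, algorithm, envelope = self._bearers[protocol]
        cred = self._creds[cred_id]
        # Only the user name and the computed result reach the envelope builder.
        return envelope(cred["user"], challenge, algorithm(cred, challenge))

def build_platform():
    """Constructed sample registrations for the two bearer protocols."""
    p = AuthPlatform()
    p.register_credential("sub1", "Mufasa", "Circle Of Life")
    p.register_bearer("HTTP", "sub1", http_digest, http_envelope)
    p.register_bearer("EAP", "sub1", eap_md5, eap_envelope)
    return p
```

The requesting entity supplies only the protocol name and the challenge it received; a protocol with no registration is rejected rather than falling back to another algorithm.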
Accordingly, there is a need in the communications industry for a system, apparatus and method that facilitates consolidated authentication. The consolidated authentication should have the capability to service authentication procedures from any number of IP bearer protocols and return the results of the authentication procedures in the correct format as required by the requesting entities.